radiusd server does not respond to radtest from another host

tnt at kalik.net tnt at kalik.net
Sun Mar 8 14:25:31 CET 2009


>Something may be wacky with the network configuration on the 10.10.10.10
>machine. The packet capture shows that the NAS-IP-Address attribute is set
>to 127.0.0.2 but it should be 10.10.10.10.

I second that. Who knows what's going on with .11 as well.

>Since 127.0.0.2 is not in
>clients.conf, the request will be ignored. Try running radtest with the
>following options
>
>
>
>radtest pencil richard6 10.10.10.11 0 testing123 1 10.10.10.10
>

Freeradius is smarter than that. You can't spoof it that easily. It will
look up packet source IP and check that against clients.conf. You can
change NAS-IP-Address to whatever you like it will still check for the
client as address from which packet was sent. This is a security feature.

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list